fix ability to log in after changing mail #198

sanderhurlen · 2021-05-10T09:25:34Z

fixes #180

freshfish70 · 2021-05-10T09:42:17Z

src/services/ElectionOrganizerService.ts

+            if (storedPassword !== strippedOrganizer.password) {
+                const hashedPassword = await encryptionService.hash(organizerDTO.password)


This in-equality check will always be satisfied.
As the storedPassword can never be equal to the password provided in the request(assuming we never provide the password to the frontend....), as this is either a new one (in plain text, not hashed) or undefined.

To fix this, check if there is a password provided, not undefined and not empty string + (@spiftire is creating validation). Then just hash that password and update, it is not possible to perform an equality as a new hash would always be different, even with the same input :D

fix ability to log in after changing mail

a07751e

sanderhurlen added the bug This is a bug label May 10, 2021

sanderhurlen added this to the Sprint 18 milestone May 10, 2021

sanderhurlen self-assigned this May 10, 2021

freshfish70 reviewed May 10, 2021

View reviewed changes

spiftire approved these changes May 10, 2021

View reviewed changes

sanderhurlen closed this May 10, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix ability to log in after changing mail #198

fix ability to log in after changing mail #198

sanderhurlen commented May 10, 2021

freshfish70 May 10, 2021

		if (storedPassword !== strippedOrganizer.password) {
		const hashedPassword = await encryptionService.hash(organizerDTO.password)

fix ability to log in after changing mail #198

fix ability to log in after changing mail #198

Conversation

sanderhurlen commented May 10, 2021

freshfish70 May 10, 2021

Choose a reason for hiding this comment